The number of ransomware victims is booming — despite major threats being shut down

News
By published

Hive and Ragnar are no more, but does it matter?

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)

Despite the police dismantling some of the biggest and most dangerous ransomware threats out there, ransomware as a criminal industry continues to flourish. 

A new report from cybersecurity researchers from Palo Alto Networks' Unit 42, which found a 49% increase in victims reported on ransomware leak sites. 

In total, there were 3,998 new entries, posted by various groups, across the dark web. 

Short expiration date on ransomware groups

Unit 42 attributed this surge to high-profile vulnerabilities like SQL injection, which were used on products like MOVEit and GoAnywhere. Those with good memory will remember that Cl0p, for example, abused a zero-day vulnerability in the MOVEit managed file transfer solution to exfiltrate sensitive data on more than 2,000 organizations. Before that, the GoAnywhere fiasco saw firms like Procted & Gamble, or Hitachi, lose sensitive files.

LockBit, ALPHV, and others, all tried to find zero-day flaws to abuse and either install encryptors, or just exfiltrate data and demand ransom. 

As the number of victims grows, at the same time the number of ransomware operators is shrinking. Hive and Ragnar Locker are no more, and so are Ransomed.Vc and Trigona. ALPHV was almost completely dismantled but managed to return, possibly rebranded. 

Furthermore, leak site data revealed the emergence of 25 new ransomware groups in 2023, which the researchers hint shows continued appeal in ransomware as a profitable criminal activity. However, many of these new groups did not last, disappearing in the second half of the year. 

As expected, ransomware operators weren’t really picky when it comes to the target industry, but manufacturing still remained the most affected vertical out there. Most victims - 47% - are located in the United States. LockBit remained the most active group in 2023, followed by ALPHV (AKA BlackCat) and Cl0p.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
More reports claim 2024 was the worst year for ransomware attacks yet
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Less than half of ransomware incidents end in payment - but you should still be on your guard
Ransomware attack on a computer
Ransomware attacks surged in 2024 as hackers looked to strike faster than ever
ransomware avast
“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?
Hands typing on a keyboard surrounded by security icons
35 years on: The history and evolution of ransomware
A computer being guarded by cybersecurity.
The impact of the cyber insurance industry in resilience against ransomware
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently revealing the full cast for Avengers: Doomsday, and I think it's going to be a long-winded announcement
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Ninkear MBOX 8 Pro

This mini PC has a detachable docking station that hides a hard drive, and I am not convinced whether it's a good idea
See more latest
Most Popular
Ninkear MBOX 8 Pro
This mini PC has a detachable docking station that hides a hard drive, and I am not convinced whether it's a good idea
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
CoreWeave
Is CoreWeave another WeWork? Blogger who caused Nvidia market capitalization to drop by $600 billion in a day thinks so
Discord Clyde
Discord's game overlay has seen a complete revamp - I've tried it, and it's one of the best updates ever
Swiss flag with view of Geneva city, Switzerland
Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
Data leak
Top home hardware firm data leak could see millions of customers affected
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
Canon EOS R50 V on a wooden table, alongside the EOS R50
I tried Canon's two new vlogging cameras – here's why the EOS R50 V offers better video value
Canon RF 20mm F1.4L VCM lens on a wooden table, alongside three other Canon hybrid prime lenses
Canon’s new 20mm f/1.4 lens could be the ultimate wide-angle prime for astro photography and video work, but its pricey